Hi there,
I have been looking into using the RaspberryPI (RPI) and splunk coupled with a SPAM port to monitor network traffic.
Now, I know there is only Stream and the Universal forwarder that are ported for ARM architecture.
Does this mean I have to have Splunk light/ indexer on a seperate machine - Can I get what I need out of using just the forwarder and the Stream app, or do I need the Splunk Light base too?
I've tried the documentation, my understanding is that I would have to have Splunk on a seperate machine, with RPI forwarding information to it. Is the Stream app not standalone? I would rather everything I need on the RPI alone without the need for a second machine.
Many thanks for any clarification you can provide!
There is a limited distribution of the Independent Stream Forwarder available until Dec 1. Please contact your Technical Sales team to arrange for a time-limited test of this software.
The following speaks about it - Splunk Stream on a Raspberry Pi? YES!
It shows -
You said -
-- I've tried the documentation, my understanding is that I would have to have Splunk on a seperate machine, with RPI forwarding information to it. Is the Stream app not standalone? I would rather everything I need on the RPI alone without the need for a second machine.
So, as you said, the preferred way is to have Splunk on a separate machine and the forwarder and the App for Stream on the Raspberry Pi machine.